CVE-2014-8799 Scanner
Detects the directory traversal vulnerability in the DukaPress plugin for WordPress, which affects versions before 2.5.4.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: URL
Toolbox: -
The DukaPress plugin is an e-commerce solution for WordPress that enables users to easily sell products and services on their websites. With DukaPress, users can create product pages, manage orders, and process payments seamlessly. However, a vulnerability in version 2.5.4 and below of DukaPress has been discovered that can compromise the security of websites using this plugin.
The vulnerability, tracked as CVE-2014-8799, is a directory traversal bug in the dp_img_resize function in php/dp-functions.php. It allows attackers to read arbitrary files by placing a ".." in the 'src' parameter sent to lib/dp_image.php. In other words, attackers can access sensitive files and data on the targeted website.
When exploited, this vulnerability can give attackers access to password files, configuration files, and other sensitive data, which can lead to a complete website takeover. It can also lead to unauthorized access to customer information, which can result in a data breach.
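For asset owners reviewing web server logs, the following added example (not part of the original page or of the scanner's own code) flags requests to lib/dp_image.php whose 'src' parameter contains a ".." path segment, including percent-encoded and double-encoded forms. The log lines, client addresses, plugin install path and file names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format); addresses, paths and file names are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2015:10:00:01 +0000] "GET /wp-content/plugins/dukapress/lib/dp_image.php?src=/wp-content/uploads/shirt.jpg&w=100 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2015:10:00:07 +0000] "GET /wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../example-secret.txt HTTP/1.1" 200 312
203.0.113.9 - - [10/Jan/2015:10:00:09 +0000] "GET /wp-content/plugins/dukapress/lib/dp_image.php?w=50&src=%252e%252e%252fexample-secret.txt HTTP/1.1" 200 312
198.51.100.2 - - [10/Jan/2015:10:01:00 +0000] "GET /blog/?src=../notes HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(src):
    """True if any path segment (split on / or \\) of the decoded value is '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(src))

def find_traversal_requests(log_text):
    """Return (client, status, decoded src) for suspicious dp_image.php requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/lib/dp_image.php"):
            continue  # only the endpoint named in the advisory is of interest
        for src in parse_qs(url.query).get("src", []):
            if has_traversal(src):
                hits.append((client, int(status), fully_decode(src)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```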
In conclusion, it is essential to stay informed about vulnerabilities in digital assets, such as websites. With the pro features of the s4e.io platform, it is easy to quickly learn about vulnerabilities and take action to protect your online assets. Stay vigilant and take proactive measures to protect your website from malicious attacks.